- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 14 December 2004. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-12 is/are pending in the application. 

4a) Of the above claim(s) ____ is/are withdrawn from consideration. 

5) [ ] Claim(s) ____ is/are allowed. 

6) [X] Claim(s) 1-12 is/are rejected. 
7) [ ] Claim(s) ____ is/are objected to. 

8) [ ] Claim(s) ____ are subject to restriction and/or election requirement. 

Application Papers 

9) [X] The specification is objected to by the Examiner. 

10) [X] The drawing(s) filed on 14 December 2004 is/are: a) [X] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [X] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [X] All b) [ ] Some * c) [ ] None of: 

1. [X] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. ____. 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

DETAILED ACTION 

This first non-final action is in response to the original filing of 12/14/2004. Claims 1-12 
are pending and have been considered as follows. 

Specification 

1. The disclosure is objected to because of the following informalities: 

2. The disclosure is objected to because it contains an embedded hyperlink and/or other 
form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or 
other form of browser-executable code. See MPEP § 608.01. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-3, 7, 9, & 12 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Koehler (US-6301658-B1). 

Claim 1: 

Koehler discloses a system comprising a plurality of devices comprising, 

- "said plurality comprising at least a first device and a second device" (i.e. "the invention 
is a method for authenticating a user digital certificate issued by a certification authority 
(CA) belonging to a hierarchy of certification authorities (CA's) having a root CA") 
[column 3 lines 45-47]; 

- "the devices of said plurality being assigned a respective device identifier" (i.e. "Owner 
information 15 identifies the owner of digital certificate 10 and typically includes 
information such as the owner's name, address and organization") [column 5 lines 2-5]; 

- "the first device being arranged to authenticate itself to the second device by presenting 
to the second device a group certificate identifying a range of non-revoked device 
identifier" (i.e. "Public key 20 is the owner's public key that can be used to authenticate 
any message sent by the owner. Certificate 10 is used to establish the authenticity of the 
owner's public key 20") [column 5 lines 5-8]; 

- "said range encompassing the device identifier of the first device" (i.e. "CA information 
35 may identify a particular group or branch within an organization") [column 5 lines 15- 
17]. 

Claim 2: 

Koehler discloses a system comprising a plurality of devices, as in Claim 1 above, further 
comprising, 

- "the respective device identifiers correspond to leaf nodes in a hierarchically ordered 
tree" (i.e. "Serial number 30 is a unique number generated by a certification authority 
(CA) and is used to identify certificate 10. CA information 35 identifies the certification 
authority that issued certificate 10") [column 5 lines 12-15]; 

- "the group certificate identifies a node in the hierarchically ordered tree" (i.e. "Serial 
number 30 is a unique number generated by a certification authority (CA) and is used to 
identify certificate 10. CA information 35 identifies the certification authority that issued 
certificate 10") [column 5 lines 12-15]; 

- "said node representing a subtree in which the leaf nodes correspond to the range of non- 
revoked device identifier" (i.e. "CA digital signature 40 is the digital signature of the 
issuing certificate authority and is used to verify that certificate 10 is authentic and indeed 
issued by the authority identified in CA information 35") [column 5 lines 17-20]. 

Claim 3: 

Koehler discloses a system comprising a plurality of devices, as in Claim 2 above, further 
comprising, 

- "the group certificate further identifies a further node in the subtree" (i.e. "Serial number 
30 is a unique number generated by a certification authority (CA) and is used to identify 
certificate 10. CA information 35 identifies the certification authority that issued 
certificate 10") [column 5 lines 12-15]; 

- "said further node representing a further subtree in which the leaf nodes correspond to 
device identifiers excluded from the range of non-revoked device identifier" (i.e. "Serial 
number 30 is a unique number generated by a certification authority (CA) and is used to 
identify certificate 10. CA information 35 identifies the certification authority that issued 
certificate 10") [column 5 lines 12-15]. 

Claim 7: 

Koehler discloses a system comprising a plurality of devices, as in Claim 1 above, further 
comprising, 

- "a single group certificate identifies plural respective ranges of non-revoked device 
identifiers" (i.e. "CA information 35 may identify a particular group or branch within an 
organization") [column 5 lines 15-17]. 

Claim 9: 

Koehler discloses a system comprising a plurality of devices, as in Claim 1 above, further 
comprising, 

- "the group certificate comprises an indication of a validity period and the second device 
authenticates the first device if said validity period is acceptable" (i.e. "Validity period 25 
typically defines a period of time for which certificate 10 is valid. Certificate 10 is 
considered expired beyond validity period 25 in which case public key 20 may no longer 
be used to authenticate messages") [column 5 lines 8-10]. 

Claim 12: 

Koehler discloses a first device comprising, 

- "being assigned a device identifier" (i.e. "Owner information 15 identifies the owner of 
digital certificate 10 and typically includes information such as the owner's name, address 
and organization") [column 5 lines 2-5]; 

- "being arranged to authenticate itself to a second device by presenting to the second 
device a group certificate identifying a range of non-revoked device identifiers" (i.e. 
"Public key 20 is the owner's public key that can be used to authenticate any message 
sent by the owner. Certificate 10 is used to establish the authenticity of the owner's public 
key 20") [column 5 lines 5-8]; 

- "said range encompassing the device identifier of the first device" (i.e. "CA information 
35 may identify a particular group or branch within an organization") [column 5 lines 15- 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 4 & 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over Koehler 
(US-6301658-B1). 

Claim 4: 

Koehler discloses a system comprising a plurality of devices, as in Claim 1 above, further 
comprising, 

- "the group certificate identifies a subrange of the sequentially ordered range" (i.e. "Serial 
number 30 is a unique number generated by a certification authority (CA) and is used to 
identify certificate 10. CA information 35 identifies the certification authority that issued 
certificate 10") [column 5 lines 12-15]; 

- "said subrange encompassing the range of non-revoked device identifier" (i.e. "CA 
digital signature 40 is the digital signature of the issuing certificate authority and is used 
to verify that certificate 10 is authentic and indeed issued by the authority identified in 
CA information 35") [column 5 lines 17-20]; 

but does not explicitly disclose, 

- "the respective device identifiers are selected from a sequentially ordered range" 

however, Koehler does disclose, 

- "Verification cache 70 is organized for efficient lookup of an item and, in one 
embodiment, is organized by owner and information type" [column 6 lines 3-5]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "the respective device identifiers are selected from a 
sequentially ordered range," in the invention as disclosed by Koehler for the purposes of 
organized and efficient lookup of an item. 

Claim 8: 

Koehler discloses a system comprising a plurality of devices, as in Claim 7 above, but does not 
explicitly disclose, 

- "the plural respective ranges in the single group certificate are sequentially ordered" 

- "the single group certificate identifies the plural respective ranges through an indication 
of the lowest and highest respective ranges in the sequential ordering" 

however, Koehler does disclose, 

- "Verification cache 70 is organized for efficient lookup of an item and, in one 
embodiment, is organized by owner and information type" [column 6 lines 3-5]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "the plural respective ranges in the single group certificate are 
sequentially ordered" and "the single group certificate identifies the plural respective ranges 
through an indication of the lowest and highest respective ranges in the sequential ordering," in 
the invention as disclosed by Koehler for the purposes of organized and efficient lookup of an 
item. 

7. Claims 5, 6, 10, & 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Koehler (US-6301658-B1) in view of Ellev et al. (US-6883100-B1). 

Claim 5: 

Koehler discloses a system comprising a plurality of devices, as in Claim 1 above, further 
comprising, 

- "if the device identifier of at least one device in the system falls within the particular 
range identified in said received group certificate" (i.e. "Validity period 25 typically 
defines a period of time for which certificate 10 is valid. Certificate 10 is considered 
expired beyond validity period 25 in which case public key 20 may no longer be used to 
authenticate messages") [column 5 lines 8-10]; 

but Koehler does not disclose, 

- "a gateway device arranged to receive a group certificate from an external source" 

- "a gateway device arranged to distribute said received group certificate to the devices in 
the system" 

however, Ellev et al. do disclose, 

- "The network cloud 102 may contain transmission lines, repeaters, routers, network 
backbones, network interconnect points, etc., depending upon the extent of the network 
which it represents" [column 7 lines 4-7]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "a gateway device arranged to receive a group certificate from 
an external source" and "a gateway device arranged to distribute said received group certificate 
to the devices in the system," in the invention as disclosed by Koehler since a gateway device 
may be a router. 

Claim 6: 

Koehler discloses a system comprising a plurality of devices, as in Claim 5 above, further 
comprising, 

- "the gateway device further being arranged to cache at least a subset of all the received 
group certificates" (i.e. "verification server 60 maintains verification cache 70") [column 
5 lines 64-65]. 

Claim 10: 

Koehler discloses a system comprising a plurality of devices, as in Claim 1 above, further 
comprising, 

- "the second device is arranged to successfully authenticate the first device" (i.e. "Public 
key 20 is the owner's public key that can be used to authenticate any message sent by the 
owner. Certificate 10 is used to establish the authenticity of the owner's public key 20") 
[column 5 lines 5-8]; 

- "if a version indication in the group certificate is at least equal to the indication of the 
lowest acceptable certificate version" (i.e. "Validity period 25 typically defines a period 
of time for which certificate 10 is valid. Certificate 10 is considered expired beyond 
validity period 25 in which case public key 20 may no longer be used to authenticate 
messages") [column 5 lines 8-10]; 

but, Koehler does not disclose, 

- "the second device is arranged to distribute protected content comprising an indication of 
a lowest acceptable certificate version to the first device upon successful authentication 
of the first device" 

however, Ellev et al. do disclose, 

- "At block 622 client Alice 104 transmits to resource server Bob 110 the group 
membership certificate associated with the highest group in the chain, i.e. the root group 
authorized for access on the resource ACL 114" [column 10 lines 41-44]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "the second device is arranged to distribute protected content 
comprising an indication of a lowest acceptable certificate version to the first device upon 
successful authentication of the first device," in the invention as disclosed by Koehler for the 
purposes of permitting access to resources in accordance with a particular certified group (i.e. 
low, medium, or high clearance, etc). 

Claim 11: 

Koehler discloses a system comprising a plurality of devices, as in Claim 1 above, further 
comprising, 

- "the second device is arranged to successfully authenticate the first device" (i.e. "Public 
key 20 is the owner's public key that can be used to authenticate any message sent by the 
owner. Certificate 10 is used to establish the authenticity of the owner's public key 20") 
[column 5 lines 5-8]; 

- "if a version indication in the group certificate is at least equal to the version indication in 
the group certificate of the second device" (i.e. "Validity period 25 typically defines a 
period of time for which certificate 10 is valid. Certificate 10 is considered expired 
beyond validity period 25 in which case public key 20 may no longer be used to 
authenticate messages") [column 5 lines 8-10]; 

but, Koehler does not disclose, 

- "the second device is arranged to distribute protected content upon successful 
authentication of the first device" 



Application/Control Number: 10/517,926 Page 12 

Art Unit: 2136 

however, Ellev et al. do disclose, 

- "At block 622 client Alice 104 transmits to resource server Bob 110 the group 
membership certificate associated with the highest group in the chain, i.e. the root group 
authorized for access on the resource ACL 114" [column 10 lines 41-44]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "the second device is arranged to distribute protected content 
upon successful authentication of the first device," in the invention as disclosed by Koehler for 
the purposes of permitting access to resources in accordance with a particular certified group (i.e. 
low, medium, or high clearance, etc). 

Conclusion 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Examiner Oscar Louie whose telephone number is 571-270-1684. 
The examiner can normally be reached Monday through Thursday from 7:30 AM to 4:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami, can be reached at 571-272-4195. The fax phone number for 
Formal or Official faxes to Technology Center 2100 is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



OAL 
11/01/2007 



Nasser Moazzami 
Supervisory Patent Examiner 



